maha

Membres

Afficher le profil Afficher son activité

Compteur de contenus
27
Inscription
le 29 septembre 2010
Dernière visite
le 5 mai 2011

maha's Achievements

Member (4/12)

Réputation sur la communauté

Problème déconnexion réseau

maha a posté un sujet dans Internet & Réseaux

bonjour, depuis quelques jours sur un poste de travail en accédant au voisinage réseau une boîte s'ouvre pour me demander de resaisir mon compte d'ouverture de session alors qu'il a été validé déja au démarrage du PC. Dans l'observateur d'évènement j'ai un message : idevent :4960 categ: spnego source: LSASRV idevent:5719 categ: aucune source:netlogon NB: je suis sous winxp professionne serv pack2
- le 20 avril 2011
- 2 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully. C:\Program Files\Avira\AntiVir Desktop\avsda.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully. File C:\Program Files\Avira\AntiVir Desktop\avsda.dll not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024\ deleted successfully. File C:\Program Files\Avira\AntiVir Desktop\avsda.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully. Service XAMPP stopped successfully! Service XAMPP deleted successfully! Service HidServ stopped successfully! Service HidServ deleted successfully! Service AntiVirUpgradeService stopped successfully! Service AntiVirUpgradeService deleted successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250Core.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250UA.job moved successfully. C:\WINDOWS\tasks\Nouvelle Tâche.job moved successfully. File\Folder C:\*.sqm not found. C:\Program Files\Avira\AntiVir Desktop\FAILSAFE folder moved successfully. C:\Program Files\Avira\AntiVir Desktop folder moved successfully. C:\Program Files\Avira folder moved successfully. C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully. C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully. C:\Program Files\Tenable folder moved successfully. C:\WINDOWS\PEV.exe moved successfully. C:\WINDOWS\sed.exe moved successfully. C:\WINDOWS\MBR.exe moved successfully. C:\WINDOWS\grep.exe moved successfully. C:\WINDOWS\zip.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 61128799 bytes ->Flash cache emptied: 3247 bytes User: administrateur.SONELGAZSK ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 281403 bytes ->FireFox cache emptied: 67002448 bytes ->Flash cache emptied: 8734 bytes User: administrateur.SONELGAZSK.000 ->Temp folder emptied: 25101107 bytes ->Temporary Internet Files folder emptied: 5036264 bytes ->FireFox cache emptied: 71914868 bytes ->Opera cache emptied: 4385888 bytes ->Flash cache emptied: 2991 bytes User: ADMINI~1~000 User: All Users User: boua ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: bouchtata ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: directeur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: INTERNET ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 2240601 bytes User: internetn ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 16451 bytes ->FireFox cache emptied: 1522101 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: rm ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: zou ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 202479 bytes ->FireFox cache emptied: 17136898 bytes User: zoum ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 4314529 bytes ->Google Chrome cache emptied: 28153693 bytes ->Opera cache emptied: 52 bytes ->Flash cache emptied: 1824 bytes %systemdrive% .tmp files removed: 4 bytes %systemroot% .tmp files removed: 2114937 bytes %systemroot%\System32 .tmp files removed: 3768320 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 92 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 83586145 bytes Total Files Cleaned = 361,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 0 bytes User: administrateur.SONELGAZSK ->Flash cache emptied: 0 bytes User: administrateur.SONELGAZSK.000 ->Flash cache emptied: 0 bytes User: ADMINI~1~000 User: All Users User: boua User: bouchtata User: Default User User: directeur User: INTERNET User: internetn User: LocalService User: NetworkService User: rm User: zou User: zoum ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated. OTL by OldTimer - Version 3.2.22.3 log created on 04122011_102012 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7d0.dat not found! Registry entries deleted on Reboot...
- le 12 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

bonjour; j'ai désinstallé : Tenable Network Security (Nessus Vulnerability Scanner) LosT_Downloads pour AntiVir il a été mal désinstatté dés le départ (il n'apparait pas dans l'ajout/suppression des programmes) ci-dessous le rapport de OTL mais dites moi comment faire pour nettoyer le deuxième PC dont je vous ai parlé (le phénomène de la connexion réseau qui se coupe il y'ai toujours malgrais le scan avec mbam et AVG -à jours- et qui ne détectent aucune infection) OTL logfile created on: 11/04/2011 13:52:57 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 014,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 22,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71,45 Gb Total Space | 10,63 Gb Free Space | 14,88% Space Free | Partition Type: NTFS Drive W: | 29,81 Gb Total Space | 25,08 Gb Free Space | 84,14% Space Free | Partition Type: NTFS Drive Y: | 61,45 Gb Total Space | 57,27 Gb Free Space | 93,20% Space Free | Partition Type: NTFS Drive Z: | 77,84 Gb Total Space | 65,73 Gb Free Space | 84,44% Space Free | Partition Type: NTFS Computer Name: INTERNETCONNECT | User Name: administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe PRC - [2011/03/25 10:17:22 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2011/03/25 10:17:21 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2011/03/25 10:17:17 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2011/03/25 10:17:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2011/03/25 10:17:11 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2011/03/25 10:17:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2011/02/07 08:07:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2009/12/04 12:44:48 | 000,773,120 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe PRC - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008/05/13 15:59:11 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2007/09/20 18:34:22 | 000,936,960 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe PRC - [2007/02/27 20:32:30 | 000,061,440 | ---- | M] (http://ocsinventory.sourceforge.net'>http://ocsinventory.sourceforge.net) -- C:\Program Files\OCS Inventory Agent\OcsService.exe PRC - [2006/01/13 22:59:08 | 000,159,772 | ---- | M] (H.Shirouzu) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Menu Démarrer\Programmes\Démarrage\ipmsg.exe PRC - [2004/08/04 05:54:50 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/06/10 12:43:18 | 000,091,648 | ---- | M] () -- C:\orant\BIN\TNSLSNR80.EXE ========== Modules (SafeList) ========== MOD - [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2004/08/04 05:52:46 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService) SRV - [2011/03/25 10:17:11 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2011/03/25 10:17:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2010/03/10 19:36:22 | 000,131,744 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe -- (CSAdminServer) SRV - [2010/03/10 19:36:18 | 000,136,352 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe -- (KLNagent) SRV - [2009/12/20 11:27:56 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\RemComSvc.exe -- (RemComSvc) SRV - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) [On_Demand | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool) SRV - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc) SRV - [2009/07/21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/12 13:45:52 | 000,434,945 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2009/05/11 09:31:14 | 000,194,817 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007/02/27 20:32:30 | 000,061,440 | ---- | M] (http://ocsinventory.sourceforge.net) [Auto | Running] -- C:\Program Files\OCS Inventory Agent\ocsservice.exe -- (OCS INVENTORY) SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/09 13:00:52 | 000,822,272 | ---- | M] (Thomas Hauck, Privat) [Disabled | Stopped] -- C:\Program Files\Jana2\Janad.exe -- (Janad) SRV - [2006/08/13 18:16:44 | 000,016,896 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\ocs\OCS Inventory NG\xampp\apache\bin\apache.exe -- (Apache2) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1998/06/10 12:47:24 | 000,025,600 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\CMADM80.EXE -- (OracleCMAdminService80) SRV - [1998/06/10 12:47:22 | 000,033,792 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\CMGW80.EXE -- (OracleCManService80) SRV - [1998/06/10 12:43:40 | 000,122,880 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\NAMES80.EXE -- (OracleNamesService80) SRV - [1998/06/10 12:43:40 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80) SRV - [1998/06/10 12:43:18 | 000,091,648 | ---- | M] () [Auto | Running] -- C:\orant\BIN\TNSLSNR80.EXE -- (OracleTNSListener80) ========== Driver Services (SafeList) ========== DRV - [2011/03/25 10:17:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2011/03/25 10:17:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011/03/25 10:17:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2011/03/17 08:28:07 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009/07/28 15:33:15 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/06/18 09:29:50 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) DRV - [2007/11/09 03:23:45 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2007/01/31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit) DRV - [2007/01/18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln) DRV - [2006/09/07 14:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006/01/25 04:52:31 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.150.128.222:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.fr" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - prefs.js..network.proxy.backup.ftp: "10.150.128.222" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "10.150.128.222" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "10.150.128.222" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "10.150.128.222" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "10.150.128.222" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "10.150.128.222" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "10.150.128.222" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "10.150.128.222" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "10.150.128.222" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2011/04/03 08:21:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2011/03/23 10:20:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/07 08:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 11:14:16 | 000,000,000 | ---D | M] [2010/09/27 09:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Extensions [2011/04/11 11:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Firefox\Profiles\6avqcm5v.default\extensions [2010/10/12 08:55:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Firefox\Profiles\6avqcm5v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/10/12 08:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/06/29 11:07:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/03 08:21:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/08 14:17:07 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/03/17 09:56:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\administrateur.SONELGAZSK.000\Menu Démarrer\Programmes\Démarrage\ipmsg.exe (H.Shirouzu) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplayusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\add_url.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O15 - HKCU\..Trusted Ranges: Range1 ([https] in Sites de confiance) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284386798453 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234255844828 (MUWebControl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sonelgazsk.sk O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/02/13 14:57:19 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011/03/17 15:07:25 | 000,000,000 | RHSD | M] - W:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011/03/14 09:42:10 | 000,000,000 | R--D | M] - Y:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008/04/29 14:51:40 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/03/14 09:42:10 | 000,000,000 | R--D | M] - Z:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/10 09:30:09 | 000,000,000 | ---D | C] -- C:\_OTL [2011/04/07 13:25:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe [2011/04/05 15:09:08 | 000,000,000 | ---D | C] -- C:\xpsp3 [2011/04/05 08:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Nouveau dossier [2011/03/24 12:08:56 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$ [2011/03/23 15:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07_files [2011/03/23 10:21:09 | 000,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2011/03/23 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG Free 8.5 [2011/03/23 10:21:08 | 000,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/03/23 10:20:59 | 000,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/03/23 10:20:55 | 000,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2011/03/23 10:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2011/03/23 10:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\AVGTOOLBAR [2011/03/23 10:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2011/03/23 10:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG Anti-Rootkit Free [2011/03/23 10:17:15 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys [2011/03/23 10:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT [2011/03/23 08:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2011/03/20 14:00:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/03/17 10:01:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/03/17 08:28:07 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys [2011/03/17 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Tenable [2008/05/16 15:52:24 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/11 13:47:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250UA.job [2011/04/11 13:28:12 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/04/11 09:36:45 | 074,277,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/04/11 08:47:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250Core.job [2011/04/11 08:22:49 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/04/11 08:22:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/04/11 08:22:32 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Nouvelle Tâche.job [2011/04/11 08:22:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/04/10 08:19:28 | 000,000,283 | ---- | M] () -- C:\boot.ini [2011/04/07 19:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/04/07 15:19:24 | 001,143,296 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\L'histoire_de_la_mayo.pps [2011/04/07 13:30:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe [2011/04/06 14:00:58 | 000,001,174 | -H-- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\Default.rdp [2011/04/06 10:17:31 | 000,160,230 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\210265_163409613715128_100001382724847_376456_7971930_o.jpg [2011/04/06 08:08:20 | 390,369,280 | -H-- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso.DE [2011/04/05 14:22:32 | 390,365,184 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso [2011/04/05 07:45:34 | 003,162,063 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Le soir dalgerie 05.04.2011.pdf [2011/04/04 19:24:26 | 005,293,249 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\05042011.pdf [2011/04/04 15:29:16 | 000,090,231 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\JIJEL.jpg [2011/04/03 16:03:14 | 000,110,774 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\REVENDICATIONS skikda.pdf [2011/03/31 16:39:11 | 000,002,416 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/03/27 15:04:19 | 000,001,024 | ---- | M] () -- C:\.rnd [2011/03/25 10:17:22 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2011/03/25 10:17:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/03/25 10:17:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2011/03/25 10:17:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/03/24 20:40:08 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2011/03/24 20:40:08 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2011/03/23 16:05:54 | 1063,436,288 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/03/23 15:37:07 | 000,051,911 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07.htm [2011/03/23 10:21:09 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk [2011/03/23 10:20:47 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2011/03/23 10:17:16 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk [2011/03/23 08:17:45 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011/03/22 12:45:16 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\12.pps [2011/03/22 12:41:20 | 004,257,557 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Vidéos publiées par ----- - ----- - ------ --- ----!! ----.mp4 [2011/03/22 10:04:42 | 000,252,008 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\FamillesAlgérie.rar [2011/03/17 10:48:00 | 000,023,029 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\confirmation.aspx [2011/03/17 09:56:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/03/17 08:28:07 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/07 15:28:43 | 001,143,296 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\L'histoire_de_la_mayo.pps [2011/04/07 13:30:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/04/06 13:27:42 | 000,160,230 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\210265_163409613715128_100001382724847_376456_7971930_o.jpg [2011/04/05 15:32:42 | 390,369,280 | -H-- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso.DE [2011/04/05 11:06:47 | 005,293,249 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\05042011.pdf [2011/04/05 08:41:48 | 000,090,231 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\JIJEL.jpg [2011/04/05 08:40:57 | 003,162,063 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Le soir dalgerie 05.04.2011.pdf [2011/04/03 16:04:42 | 000,110,774 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\REVENDICATIONS skikda.pdf [2011/03/23 15:36:54 | 000,051,911 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07.htm [2011/03/23 10:21:09 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk [2011/03/23 10:20:47 | 074,277,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/03/23 10:20:47 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2011/03/23 10:20:47 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2011/03/23 10:20:47 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2011/03/23 10:17:16 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk [2011/03/23 08:17:45 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2011/03/22 14:36:35 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\12.pps [2011/03/22 14:34:40 | 004,257,557 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Vidéos publiées par ----- - ----- - ------ --- ----!! ----.mp4 [2011/03/22 10:04:21 | 000,252,008 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\FamillesAlgérie.rar [2011/03/20 15:56:19 | 001,357,180 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\ÊÕæíÑ ÓÑíÚ.wmv [2011/03/17 10:48:55 | 390,365,184 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso [2011/03/17 10:48:00 | 000,023,029 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\confirmation.aspx [2011/03/17 08:28:06 | 000,001,024 | ---- | C] () -- C:\.rnd [2010/11/28 14:14:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/11/28 14:14:38 | 000,002,395 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2010/11/11 14:42:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/11 14:42:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/11 14:42:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/11 14:42:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/11 14:42:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/07 10:40:50 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Local Settings\Application Data\fusioncache.dat [2010/08/12 11:33:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010/07/29 15:14:48 | 000,000,024 | RH-- | C] () -- C:\WINDOWS\wcpx_.dat [2010/01/31 09:16:33 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/12 13:52:44 | 000,003,287 | ---- | C] () -- C:\WINDOWS\my.ini.old [2010/01/11 11:36:23 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2010/01/11 11:36:22 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2009/12/28 08:39:59 | 000,001,994 | ---- | C] () -- C:\WINDOWS\MediaR36.ini [2009/12/14 11:49:34 | 000,000,683 | ---- | C] () -- C:\WINDOWS\saplogon.ini [2009/12/14 11:49:33 | 000,000,054 | ---- | C] () -- C:\WINDOWS\sapmsg.ini [2009/12/14 11:38:53 | 000,175,616 | R--- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2009/12/14 11:38:53 | 000,095,744 | R--- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2009/12/14 11:38:53 | 000,051,200 | R--- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2009/12/14 11:38:52 | 001,064,960 | R--- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2009/12/14 11:38:51 | 000,188,928 | R--- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2009/12/14 11:38:33 | 000,015,872 | R--- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2009/09/27 09:17:14 | 000,006,613 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini [2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll [2009/06/09 16:24:02 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2009/06/09 16:22:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sxp2ml3.dll [2009/06/09 16:22:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\secsnmp.dll [2009/02/07 10:13:26 | 000,000,155 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2009/02/07 10:13:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2009/02/07 10:13:19 | 001,531,904 | ---- | C] () -- C:\WINDOWS\adiras.exe [2009/02/07 10:13:19 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\ipdetect.exe [2009/02/07 10:13:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2009/02/07 10:13:16 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2009/02/07 10:13:11 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin [2009/02/07 09:59:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\autoclk.exe [2009/01/14 10:29:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\hb_dll.ini [2009/01/14 10:29:27 | 000,013,693 | ---- | C] () -- C:\WINDOWS\MAKESRC.INI [2009/01/14 10:29:27 | 000,006,059 | ---- | C] () -- C:\WINDOWS\REPEDT32.INI [2008/12/06 13:29:08 | 000,006,650 | ---- | C] () -- C:\WINDOWS\coswin.ini [2008/12/03 09:29:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini [2008/07/26 15:47:49 | 000,001,061 | ---- | C] () -- C:\WINDOWS\LMAAE2DD.ini [2008/07/23 15:47:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemComSvc.exe [2008/07/08 10:09:34 | 000,000,045 | ---- | C] () -- C:\WINDOWS\postit.ini [2008/07/02 10:58:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/07/01 10:30:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\haspdos.sys [2008/06/29 10:41:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/06/29 10:40:04 | 000,003,049 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/06/21 10:41:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2008/05/17 12:48:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2008/05/16 15:53:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/05/14 12:41:39 | 000,000,354 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/14 08:53:22 | 000,000,591 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/05/13 14:27:21 | 000,000,893 | ---- | C] () -- C:\WINDOWS\adiras.ini [2008/05/13 11:48:47 | 000,004,383 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/05/13 11:47:44 | 000,333,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/05/13 11:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/05/13 10:56:15 | 000,023,628 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007/12/24 11:47:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/12/24 11:40:26 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2007/12/22 20:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2007/12/22 19:27:22 | 003,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2007/12/03 14:34:32 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2007/12/01 11:43:30 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2005/12/08 23:01:06 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2004/10/08 07:15:38 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9510.lic [2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/08/04 06:08:26 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/04 05:54:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004/08/02 19:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/07/17 16:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002/09/07 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/07 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/09/07 01:00:00 | 000,521,024 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2002/09/07 01:00:00 | 000,453,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/09/07 01:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2002/09/07 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/09/07 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/09/07 01:00:00 | 000,095,040 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2002/09/07 01:00:00 | 000,081,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/09/07 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/09/07 01:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2002/09/07 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/09/07 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/09/07 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1996/08/22 02:07:02 | 000,000,320 | ---- | C] () -- C:\WINDOWS\TBINSDT.DAT ========== Files - Unicode (All) ========== [2011/04/10 14:29:15 | 000,014,514 | ---- | M] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\??? ?? ???? ???? ?? ??? ???? ????? ????????.docx) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\إذا لم تشعر الام في أول شهور الحمل بالغثيان.docx [2011/04/10 14:23:43 | 000,014,514 | ---- | C] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\??? ?? ???? ???? ?? ??? ???? ????? ????????.docx) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\إذا لم تشعر الام في أول شهور الحمل بالغثيان.docx [2011/04/07 15:52:18 | 000,070,144 | ---- | M] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?? ????? ??????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\فى العصر الحديث.doc [2011/04/07 15:52:18 | 000,070,144 | ---- | C] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?? ????? ??????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\فى العصر الحديث.doc [2011/04/07 08:43:15 | 000,037,888 | ---- | M] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?????? ????? ????? ???? ???????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\السلام عليكم ورحمة الله وبركاته.doc [2011/04/07 08:43:14 | 000,037,888 | ---- | C] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?????? ????? ????? ???? ???????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\السلام عليكم ورحمة الله وبركاته.doc ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF < End of report >
- le 11 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

bonjour; le domaine sonelgazsk.sk est le mien le proxy aussi, donc j'ai supprimé les lignes en rapport avec ces deux points et j'ai inséré le reste esnsuite j'ai lancé "correction" mais le programme s'est planté dessus deux fois!!
- le 10 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

le deuxième rapport : OTL Extras logfile created on: 07/04/2011 13:29:50 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 014,00 Mb Total Physical Memory | 521,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71,45 Gb Total Space | 10,67 Gb Free Space | 14,94% Space Free | Partition Type: NTFS Drive W: | 29,81 Gb Total Space | 25,10 Gb Free Space | 84,20% Space Free | Partition Type: NTFS Drive Y: | 61,45 Gb Total Space | 57,27 Gb Free Space | 93,20% Space Free | Partition Type: NTFS Drive Z: | 77,84 Gb Total Space | 65,79 Gb Free Space | 84,53% Space Free | Partition Type: NTFS Computer Name: INTERNETCONNECT | User Name: administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htafile [open] -- "%1" %* https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallDisableNotify" = 0 "FirewallOverride" = 0 "UacDisableNotify" = 0 "UpdatesDisableNotify" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "13000:TCP" = 13000:TCP:*:Enabled:Kaspersky Administration Kit "13000:UDP" = 13000:UDP:*:Enabled:Kaspersky Administration Kit "14000:TCP" = 14000:TCP:*:Enabled:Kaspersky Administration Kit "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "13000:TCP" = 13000:TCP:*:Enabled:Kaspersky Administration Kit "13000:UDP" = 13000:UDP:*:Enabled:Kaspersky Administration Kit "14000:TCP" = 14000:TCP:*:Enabled:Kaspersky Administration Kit "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{12C259B1-8E8C-498D-927D-60040190BF79}" = Kaspersky Administration Kit "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (KAV_CS_ADMIN_KIT) "{2F8BE445-D14C-40E2-AF62-E43539FD1500}" = YouTUBE movie downloader "{3325F72A-EEEC-4731-9CC5-92A9D883B8BC}_is1" = Alphabet_des_animaux_Demo version 1.5 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{58B0F3ED-6FAE-486C-9AB9-1C06514097B4}" = RealSpeak Solo pour la voix francaise Virginie "{67A67432-9B34-11DE-9CAF-D9A555D89593}" = Nitro PDF Professional "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{736993F9-99FC-4890-AEAE-F3D631794C65}" = Nessus "{7521D683-1A52-4D89-B277-C4D63BD2A68C}" = Module d'administration de Kaspersky Anti-Virus 6.0 MP4 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}" = EasyRecovery Professional Trial "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live "{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}" = Micro Application - 36 Dictionnaires et Recueils de Correspondance "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{FB3B43A2-CA2A-11D5-A718-0050DAE02D76}" = SAPsetup System Update "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ATI Display Driver" = ATI Display Driver "AVG8Uninstall" = AVG 8.5 "AVGantiRootkit" = AVG Anti-Rootkit Free "AxCrypt" = AxCrypt (Désinstaller uniquement) "BlockCAD3.19_is1" = BlockCAD 3.19 "burnatonce_is1" = burnatonce "CCleaner" = CCleaner (remove only) "Data Doctor Recovery Removable Media (Demo)" = Data Doctor Recovery Removable Media (Demo) "DownloadExpress" = MetaProducts Download Express "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.3.2.1 "GanttProject" = GanttProject "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{12C259B1-8E8C-498D-927D-60040190BF79}" = Kaspersky Administration Kit "InstallShield_{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}" = EasyRecovery Professional Essai "Jana Server" = Jana Server 2.4.8.51 "KeePass Password Safe_is1" = KeePass Password Safe 1.17 "LeConjugueur" = LeConjugueur "Lexmark Printer Software Uninstall" = Désinstallation du logiciel d'imprimante Lexmark "LMSOFT Web Creator Pro 4" = LMSOFT Web Creator Pro 4 "LosT_Downloads Toolbar" = LosT_Downloads Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSNINST" = MSN "MySQL Connector/ODBC 3.51" = MySQL Connector/ODBC 3.51 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Norton Utilities_is1" = Norton Utilities "OCS Inventory Agent" = OCS Inventory Agent 4.0.3.2 "Picasa2" = Picasa 2 "Prism" = Prism Video Converter "PROPLUS" = Microsoft Office Professional Plus 2007 "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer "Restorer2000_is1" = Restorer2000 3.3 "SAPFrontend" = SAP Front End "Smart Data Recovery_is1" = Smart Data Recovery v3.1 "Smart Partition Recovery_is1" = Smart Partition Recovery v2.2 "SoundTap" = SoundTap Streaming Audio Recorder "ST6UNST #1" = AbaCalc "Switch" = Switch "Unlocker" = Unlocker 1.8.7 "USB Disk Security_is1" = USB Disk Security "VLC media player" = VideoLAN VLC media player 0.8.6c "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP/2000/NT Key 6.1 Demo" = Windows Key Demo "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "xampp" = XAMPP 1.5.5 "Xerox Phaser 3250" = Xerox Phaser 3250 "XnView_is1" = XnView 1.96 "XP Codec Pack" = XP Codec Pack "Yahoo! Companion" = Yahoo! Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07/04/2011 03:28:50 | Computer Name = INTERNETCONNECT | Source = OCS INVENTORY SERVICE | ID = 20 Description = OCS ERROR: Can't get private profile string. Error - 07/04/2011 03:28:50 | Computer Name = INTERNETCONNECT | Source = OCS INVENTORY SERVICE | ID = 20 Description = OCS ERROR: Can't get private profile string. Error - 07/04/2011 03:28:50 | Computer Name = INTERNETCONNECT | Source = OCS INVENTORY SERVICE | ID = 20 Description = OCS ERROR: Can't get private profile string. Error - 07/04/2011 03:30:24 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1058 Description = Windows ne peut pas accéder au fichier gpt.ini pour l'objet Stratégie de groupes CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sonelgazsk,DC=sk. Le fichier doit être présent à l'emplacement <\\sonelgazsk.sk\sysvol\sonelgazsk.sk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Le nom réseau spécifié n'est plus disponible. ). Le traitement de la stratégie de groupe est interrompu. Error - 07/04/2011 03:30:24 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1030 Description = Windows ne peut pas effectuer de requête sur la liste d'objets de Stratégie de groupe. Un message d'erreur fournissant les raisons de ce problème a déjà été enregistré par ce moteur de police. Error - 07/04/2011 03:31:56 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1058 Description = Windows ne peut pas accéder au fichier gpt.ini pour l'objet Stratégie de groupes CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sonelgazsk,DC=sk. Le fichier doit être présent à l'emplacement <\\sonelgazsk.sk\sysvol\sonelgazsk.sk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Le nom réseau spécifié n'est plus disponible. ). Le traitement de la stratégie de groupe est interrompu. Error - 07/04/2011 03:31:56 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1030 Description = Windows ne peut pas effectuer de requête sur la liste d'objets de Stratégie de groupe. Un message d'erreur fournissant les raisons de ce problème a déjà été enregistré par ce moteur de police. Error - 07/04/2011 08:09:54 | Computer Name = INTERNETCONNECT | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant tblos0.dll, version 6.2.2.4, adresse de défaillance 0x0022932c. Error - 07/04/2011 08:31:39 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1058 Description = Windows ne peut pas accéder au fichier gpt.ini pour l'objet Stratégie de groupes CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=sonelgazsk,DC=sk. Le fichier doit être présent à l'emplacement <\\sonelgazsk.sk\sysvol\sonelgazsk.sk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Les informations de configuration n'ont pas pu être lues sur le contrôleur de domaine car l'ordinateur n'est pas disponible ou l'accès a été refusé. ). Le traitement de la stratégie de groupe est interrompu. Error - 07/04/2011 08:31:39 | Computer Name = INTERNETCONNECT | Source = Userenv | ID = 1030 Description = Windows ne peut pas effectuer de requête sur la liste d'objets de Stratégie de groupe. Un message d'erreur fournissant les raisons de ce problème a déjà été enregistré par ce moteur de police. [ Kaspersky Event Log Events ] Error - 08/02/2011 04:49:32 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Cannot open database "KAV" requested by the login. The login failed.', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 08/02/2011 04:49:36 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Cannot open database "KAV" requested by the login. The login failed.', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 08/02/2011 07:52:09 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Cannot open database "KAV" requested by the login. The login failed.', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 08/02/2011 08:56:38 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Expiration du délai', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 13/02/2011 07:27:38 | Computer Name = INTERNETCONNECT | Source = klnagent | ID = 1 Description = L'erreur suivante s'est produite lors de l'utilisation du référentiel des événements : 1197 ('L'erreur 1197/0x0 ('Operation failed because the timeout period expired') s'est produite lors de l'ouverture du fichier 'C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\products\C0D2EB3E725CB67363FF07637CD97ADE\ess\KLAGT_VFOUND_COUNT.ctrl'.'). (id: pEventsStorage->DeleteEvents) #1197 (0) L'erreur 1197/0x0 ('Operation failed because the timeout period expired') s'est produite lors de l'ouverture du fichier 'C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\products\C0D2EB3E725CB67363FF07637CD97ADE\ess\KLAGT_VFOUND_COUNT.ctrl'. Error - 14/02/2011 03:20:40 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Cannot open database "KAV" requested by the login. The login failed.', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 22/02/2011 04:49:21 | Computer Name = INTERNETCONNECT | Source = klnagent | ID = 1 Description = L'application KAVWKS6 a rencontré l'erreur 1196 (Access violation fault) lors de la réplication de paramètres. Code opération : KLPRSS_TASKS_POLICY. #1196 (0) Access violation fault Error - 22/02/2011 04:49:21 | Computer Name = INTERNETCONNECT | Source = klnagent | ID = 1 Description = Policy replication failed Product ='KAVWKS6' Version ='6.0.4.0' #1196 (0) Access violation fault Error - 22/02/2011 04:51:23 | Computer Name = INTERNETCONNECT | Source = CSAdminServer | ID = 1 Description = Database error occured: #1950 (-2147467259) Generic db error: "0x80004005, 'Microsoft OLE DB Provider for SQL Server', 'Erreur non spécifiée', 'Expiration du délai', GUID='{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}', LastStatement=''" Error - 27/02/2011 03:29:46 | Computer Name = INTERNETCONNECT | Source = klnagent | ID = 1 Description = L'erreur suivante s'est produite lors de l'utilisation du référentiel des événements : 1197 ('L'erreur 1197/0x0 ('Operation failed because the timeout period expired') s'est produite lors de l'ouverture du fichier 'C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\products\C0D2EB3E725CB67363FF07637CD97ADE\ess\KLAGT_LAST_FSCAN.ctrl'.'). (id: pEventsStorage->DeleteEvents) #1197 (0) L'erreur 1197/0x0 ('Operation failed because the timeout period expired') s'est produite lors de l'ouverture du fichier 'C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\products\C0D2EB3E725CB67363FF07637CD97ADE\ess\KLAGT_LAST_FSCAN.ctrl'. [ OSession Events ] Error - 11/03/2009 03:55:51 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 174 seconds with 120 seconds of active time. This session ended with a crash. Error - 11/03/2009 03:56:11 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 08/09/2009 07:26:46 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error - 24/11/2009 10:21:29 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1677 seconds with 420 seconds of active time. This session ended with a crash. Error - 26/10/2010 07:36:57 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 94 seconds with 60 seconds of active time. This session ended with a crash. Error - 16/02/2011 04:17:51 | Computer Name = INTERNETCONNECT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 07/04/2011 03:08:55 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7001 Description = Le service Avira AntiVir WebGuard dépend du service Avira AntiVir Guard qui n'a pas pu démarrer en raison de l'erreur : %%0 Error - 07/04/2011 03:13:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7023 Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7000 Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer en raison de l'erreur : %%1058 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7000 Description = Le service Avira Upgrade Service n'a pas pu démarrer en raison de l'erreur : %%3 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7000 Description = Le service DgiVecp n'a pas pu démarrer en raison de l'erreur : %%20 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7000 Description = Le service SSPORT n'a pas pu démarrer en raison de l'erreur : %%2 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7000 Description = Le service XAMPP Service n'a pas pu démarrer en raison de l'erreur : %%3 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7001 Description = Le service Avira AntiVir MailGuard dépend du service Avira AntiVir Guard qui n'a pas pu démarrer en raison de l'erreur : %%0 Error - 07/04/2011 03:30:08 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7001 Description = Le service Avira AntiVir WebGuard dépend du service Avira AntiVir Guard qui n'a pas pu démarrer en raison de l'erreur : %%0 Error - 07/04/2011 03:34:15 | Computer Name = INTERNETCONNECT | Source = Service Control Manager | ID = 7023 Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460 < End of report >
- le 7 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

voci le premier rapport : OTL.txt OTL logfile created on: 07/04/2011 13:29:50 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 014,00 Mb Total Physical Memory | 521,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71,45 Gb Total Space | 10,67 Gb Free Space | 14,94% Space Free | Partition Type: NTFS Drive W: | 29,81 Gb Total Space | 25,10 Gb Free Space | 84,20% Space Free | Partition Type: NTFS Drive Y: | 61,45 Gb Total Space | 57,27 Gb Free Space | 93,20% Space Free | Partition Type: NTFS Drive Z: | 77,84 Gb Total Space | 65,79 Gb Free Space | 84,53% Space Free | Partition Type: NTFS Computer Name: INTERNETCONNECT | User Name: administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe PRC - [2011/03/25 10:17:22 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2011/03/25 10:17:21 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2011/03/25 10:17:17 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2011/03/25 10:17:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2011/03/25 10:17:11 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2011/03/25 10:17:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2011/03/23 10:20:42 | 000,672,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\aAvgApi.exe PRC - [2009/12/04 12:44:48 | 000,773,120 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe PRC - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008/05/13 15:59:11 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2007/09/20 10:35:36 | 000,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe PRC - [2007/02/27 20:32:30 | 000,061,440 | ---- | M] (http://ocsinventory.sourceforge.net'>http://ocsinventory.sourceforge.net) -- C:\Program Files\OCS Inventory Agent\OcsService.exe PRC - [2006/01/13 22:59:08 | 000,159,772 | ---- | M] (H.Shirouzu) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Menu Démarrer\Programmes\Démarrage\ipmsg.exe PRC - [2004/08/04 05:54:50 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/01/30 06:48:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\autoclk.exe PRC - [1998/06/10 12:43:18 | 000,091,648 | ---- | M] () -- C:\orant\BIN\TNSLSNR80.EXE ========== Modules (SafeList) ========== MOD - [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2004/08/04 05:52:46 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService) SRV - [2011/03/25 10:17:11 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2011/03/25 10:17:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2011/02/25 09:52:42 | 000,010,240 | ---- | M] (Tenable Network Security, Inc) [On_Demand | Stopped] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus) SRV - [2010/03/10 19:36:22 | 000,131,744 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe -- (CSAdminServer) SRV - [2010/03/10 19:36:18 | 000,136,352 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe -- (KLNagent) SRV - [2009/12/20 11:27:56 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\RemComSvc.exe -- (RemComSvc) SRV - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) [On_Demand | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool) SRV - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc) SRV - [2009/07/21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/12 13:45:52 | 000,434,945 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2009/05/11 09:31:14 | 000,194,817 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007/02/27 20:32:30 | 000,061,440 | ---- | M] (http://ocsinventory.sourceforge.net) [Auto | Running] -- C:\Program Files\OCS Inventory Agent\ocsservice.exe -- (OCS INVENTORY) SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/09 13:00:52 | 000,822,272 | ---- | M] (Thomas Hauck, Privat) [Disabled | Stopped] -- C:\Program Files\Jana2\Janad.exe -- (Janad) SRV - [2006/08/13 18:16:44 | 000,016,896 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\ocs\OCS Inventory NG\xampp\apache\bin\apache.exe -- (Apache2) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1998/06/10 12:47:24 | 000,025,600 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\CMADM80.EXE -- (OracleCMAdminService80) SRV - [1998/06/10 12:47:22 | 000,033,792 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\CMGW80.EXE -- (OracleCManService80) SRV - [1998/06/10 12:43:40 | 000,122,880 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\NAMES80.EXE -- (OracleNamesService80) SRV - [1998/06/10 12:43:40 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80) SRV - [1998/06/10 12:43:18 | 000,091,648 | ---- | M] () [Auto | Running] -- C:\orant\BIN\TNSLSNR80.EXE -- (OracleTNSListener80) ========== Driver Services (SafeList) ========== DRV - [2011/03/25 10:17:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2011/03/25 10:17:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011/03/25 10:17:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2011/03/17 08:28:07 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2009/07/28 15:33:15 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/06/18 09:29:50 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) DRV - [2007/11/09 03:23:45 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2007/01/31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit) DRV - [2007/01/18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln) DRV - [2006/09/07 14:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006/01/25 04:52:31 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {dcdfe6de-62c3-4e8d-8a85-5948daa51ec3} - C:\Program Files\LosT_Downloads\tbLos0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.150.128.222:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.fr" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - prefs.js..network.proxy.backup.ftp: "10.150.128.222" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "10.150.128.222" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "10.150.128.222" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "10.150.128.222" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "10.150.128.222" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "10.150.128.222" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "10.150.128.222" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "10.150.128.222" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "10.150.128.222" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2011/04/03 08:21:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2011/03/23 10:20:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/07 08:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 11:14:16 | 000,000,000 | ---D | M] [2010/09/27 09:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Extensions [2011/04/06 14:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Firefox\Profiles\6avqcm5v.default\extensions [2010/10/12 08:55:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\Mozilla\Firefox\Profiles\6avqcm5v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/10/12 08:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/06/29 11:07:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/03 08:21:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/08 14:17:07 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/03/17 09:56:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) O2 - BHO: (LosT Downloads Toolbar) - {dcdfe6de-62c3-4e8d-8a85-5948daa51ec3} - C:\Program Files\LosT_Downloads\tbLos0.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O3 - HKLM\..\Toolbar: (LosT Downloads Toolbar) - {dcdfe6de-62c3-4e8d-8a85-5948daa51ec3} - C:\Program Files\LosT_Downloads\tbLos0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (LosT Downloads Toolbar) - {DCDFE6DE-62C3-4E8D-8A85-5948DAA51EC3} - C:\Program Files\LosT_Downloads\tbLos0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O3 - HKCU\..\Toolbar\WebBrowser: (LosT Downloads Toolbar) - {DCDFE6DE-62C3-4E8D-8A85-5948DAA51EC3} - C:\Program Files\LosT_Downloads\tbLos0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [autoclk] C:\WINDOWS\autoclk.exe () O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [sigmatelSysTrayApp] File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl) O4 - Startup: C:\Documents and Settings\administrateur.SONELGAZSK.000\Menu Démarrer\Programmes\Démarrage\ipmsg.exe (H.Shirouzu) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplayusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\add_url.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O15 - HKCU\..Trusted Ranges: Range1 ([https] in Sites de confiance) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284386798453 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234255844828 (MUWebControl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sonelgazsk.sk O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/02/13 14:57:19 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011/03/17 15:07:25 | 000,000,000 | RHSD | M] - W:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011/03/14 09:42:10 | 000,000,000 | R--D | M] - Y:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008/04/29 14:51:40 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/03/14 09:42:10 | 000,000,000 | R--D | M] - Z:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011/04/07 13:25:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe [2011/04/05 15:09:08 | 000,000,000 | ---D | C] -- C:\xpsp3 [2011/04/05 08:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Nouveau dossier [2011/04/04 16:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/03/24 12:08:56 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$ [2011/03/23 15:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07_files [2011/03/23 10:21:09 | 000,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2011/03/23 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG Free 8.5 [2011/03/23 10:21:08 | 000,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/03/23 10:20:59 | 000,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/03/23 10:20:55 | 000,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2011/03/23 10:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2011/03/23 10:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Application Data\AVGTOOLBAR [2011/03/23 10:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2011/03/23 10:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG Anti-Rootkit Free [2011/03/23 10:17:15 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys [2011/03/23 10:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT [2011/03/23 08:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2011/03/20 14:00:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/03/17 10:01:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/03/17 08:28:07 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys [2011/03/17 08:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Tenable Network Security [2011/03/17 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Tenable [2011/03/10 09:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\mpg [2008/05/16 15:52:24 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/07 13:30:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/04/07 13:28:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/04/07 13:26:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\OTL.exe [2011/04/07 12:47:43 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250UA.job [2011/04/07 08:47:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3055393796-1024469015-745597161-1250Core.job [2011/04/07 08:28:49 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/04/07 08:28:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Nouvelle Tâche.job [2011/04/07 08:28:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/04/07 08:14:35 | 074,132,083 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/04/06 14:00:58 | 000,001,174 | -H-- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\Default.rdp [2011/04/06 10:17:31 | 000,160,230 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\210265_163409613715128_100001382724847_376456_7971930_o.jpg [2011/04/06 08:08:20 | 390,369,280 | -H-- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso.DE [2011/04/05 14:22:32 | 390,365,184 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso [2011/04/05 13:39:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/04/05 07:45:34 | 003,162,063 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Le soir dalgerie 05.04.2011.pdf [2011/04/04 19:24:26 | 005,293,249 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\05042011.pdf [2011/04/04 15:29:16 | 000,090,231 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\JIJEL.jpg [2011/04/03 16:03:14 | 000,110,774 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\REVENDICATIONS skikda.pdf [2011/03/31 19:03:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/03/31 16:39:11 | 000,002,416 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/03/27 15:04:19 | 000,001,024 | ---- | M] () -- C:\.rnd [2011/03/27 15:03:56 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nessus Server Manager.lnk [2011/03/25 10:17:22 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2011/03/25 10:17:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/03/25 10:17:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2011/03/25 10:17:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/03/24 20:40:08 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2011/03/24 20:40:08 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2011/03/23 16:05:54 | 1063,436,288 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/03/23 15:37:07 | 000,051,911 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07.htm [2011/03/23 10:21:09 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk [2011/03/23 10:20:47 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2011/03/23 10:17:16 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk [2011/03/23 08:17:45 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011/03/22 12:45:16 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\12.pps [2011/03/22 12:41:20 | 004,257,557 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Vidéos publiées par ----- - ----- - ------ --- ----!! ----.mp4 [2011/03/22 10:04:42 | 000,252,008 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\FamillesAlgérie.rar [2011/03/17 10:48:00 | 000,023,029 | ---- | M] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\confirmation.aspx [2011/03/17 09:56:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/03/17 08:28:07 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys [2011/03/09 08:26:59 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/07 13:30:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/04/06 13:27:42 | 000,160,230 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\210265_163409613715128_100001382724847_376456_7971930_o.jpg [2011/04/05 15:32:42 | 390,369,280 | -H-- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso.DE [2011/04/05 11:06:47 | 005,293,249 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\05042011.pdf [2011/04/05 08:41:48 | 000,090,231 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\JIJEL.jpg [2011/04/05 08:40:57 | 003,162,063 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Le soir dalgerie 05.04.2011.pdf [2011/04/03 16:04:42 | 000,110,774 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\REVENDICATIONS skikda.pdf [2011/03/23 15:36:54 | 000,051,911 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Article_07.htm [2011/03/23 10:21:09 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.5.lnk [2011/03/23 10:20:47 | 074,132,083 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/03/23 10:20:47 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2011/03/23 10:20:47 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2011/03/23 10:20:47 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2011/03/23 10:17:16 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk [2011/03/23 08:17:45 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2011/03/22 14:36:35 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\12.pps [2011/03/22 14:34:40 | 004,257,557 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Vidéos publiées par ----- - ----- - ------ --- ----!! ----.mp4 [2011/03/22 10:04:21 | 000,252,008 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\Familles.rar [2011/03/20 15:56:19 | 001,357,180 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Bureau\ÊÕæíÑ ÓÑíÚ.wmv [2011/03/17 10:48:55 | 390,365,184 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso [2011/03/17 10:48:00 | 000,023,029 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\confirmation.aspx [2011/03/17 08:28:06 | 000,001,024 | ---- | C] () -- C:\.rnd [2011/03/17 08:09:22 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nessus Server Manager.lnk [2010/11/28 14:14:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/11/28 14:14:38 | 000,002,395 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2010/11/11 14:42:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/11 14:42:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/11 14:42:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/11 14:42:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/11 14:42:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/07 10:40:50 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Local Settings\Application Data\fusioncache.dat [2010/08/12 11:33:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010/07/29 15:14:48 | 000,000,024 | RH-- | C] () -- C:\WINDOWS\wcpx_.dat [2010/01/31 09:16:33 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/12 13:52:44 | 000,003,287 | ---- | C] () -- C:\WINDOWS\my.ini.old [2010/01/11 11:36:23 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2010/01/11 11:36:22 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2009/12/28 08:39:59 | 000,001,994 | ---- | C] () -- C:\WINDOWS\MediaR36.ini [2009/12/14 11:49:34 | 000,000,683 | ---- | C] () -- C:\WINDOWS\saplogon.ini [2009/12/14 11:49:33 | 000,000,054 | ---- | C] () -- C:\WINDOWS\sapmsg.ini [2009/12/14 11:38:53 | 000,175,616 | R--- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2009/12/14 11:38:53 | 000,095,744 | R--- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2009/12/14 11:38:53 | 000,051,200 | R--- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2009/12/14 11:38:52 | 001,064,960 | R--- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2009/12/14 11:38:51 | 000,188,928 | R--- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2009/12/14 11:38:33 | 000,015,872 | R--- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2009/09/27 09:17:14 | 000,006,613 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini [2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll [2009/06/09 16:24:02 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2009/06/09 16:22:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sxp2ml3.dll [2009/06/09 16:22:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\secsnmp.dll [2009/02/07 10:13:26 | 000,000,155 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2009/02/07 10:13:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2009/02/07 10:13:19 | 001,531,904 | ---- | C] () -- C:\WINDOWS\adiras.exe [2009/02/07 10:13:19 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\ipdetect.exe [2009/02/07 10:13:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2009/02/07 10:13:16 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2009/02/07 10:13:11 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin [2009/02/07 09:59:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\autoclk.exe [2009/01/14 10:29:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\hb_dll.ini [2009/01/14 10:29:27 | 000,013,693 | ---- | C] () -- C:\WINDOWS\MAKESRC.INI [2009/01/14 10:29:27 | 000,006,059 | ---- | C] () -- C:\WINDOWS\REPEDT32.INI [2008/12/06 13:29:08 | 000,006,650 | ---- | C] () -- C:\WINDOWS\coswin.ini [2008/12/03 09:29:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini [2008/07/26 15:47:49 | 000,001,061 | ---- | C] () -- C:\WINDOWS\LMAAE2DD.ini [2008/07/23 15:47:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemComSvc.exe [2008/07/08 10:09:34 | 000,000,045 | ---- | C] () -- C:\WINDOWS\postit.ini [2008/07/02 10:58:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/07/01 10:30:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\haspdos.sys [2008/06/29 10:41:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/06/29 10:40:04 | 000,003,049 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/06/21 10:41:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2008/05/17 12:48:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2008/05/16 15:53:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/05/14 12:41:39 | 000,000,354 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/14 08:53:22 | 000,000,591 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/05/13 14:27:21 | 000,000,893 | ---- | C] () -- C:\WINDOWS\adiras.ini [2008/05/13 11:48:47 | 000,004,383 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/05/13 11:47:44 | 000,333,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/05/13 11:00:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/05/13 10:56:15 | 000,023,628 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007/12/24 11:47:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/12/24 11:40:26 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2007/12/22 20:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2007/12/22 19:27:22 | 003,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2007/12/03 14:34:32 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2007/12/01 11:43:30 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2005/12/08 23:01:06 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2004/10/08 07:15:38 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9510.lic [2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/08/04 06:08:26 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/04 05:54:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004/08/02 19:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/07/17 16:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002/09/07 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/07 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/09/07 01:00:00 | 000,521,024 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2002/09/07 01:00:00 | 000,453,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/09/07 01:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2002/09/07 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/09/07 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/09/07 01:00:00 | 000,095,040 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2002/09/07 01:00:00 | 000,081,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/09/07 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/09/07 01:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2002/09/07 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/09/07 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/09/07 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1996/08/22 02:07:02 | 000,000,320 | ---- | C] () -- C:\WINDOWS\TBINSDT.DAT ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/03/27 15:04:19 | 000,001,024 | ---- | M] () -- C:\.rnd [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/12/17 10:49:12 | 000,000,212 | ---- | M] () -- C:\Boot.bak [2010/11/28 08:27:26 | 000,000,283 | ---- | M] () -- C:\boot.ini [2002/09/07 01:00:00 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin [2010/02/21 11:00:14 | 000,204,544 | ---- | M] () -- C:\cc_20100221_105910.reg [2004/08/03 23:00:08 | 000,263,488 | ---- | M] () -- C:\cmldr [2011/03/17 10:01:26 | 000,037,001 | ---- | M] () -- C:\ComboFix.txt [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/12/06 13:57:59 | 000,157,176 | ---- | M] () -- C:\Dell OptiPlex 320 Memory - Accessories.htm [2010/11/28 09:18:07 | 000,000,000 | ---- | M] () -- C:\dfinstall.log [2011/02/20 17:11:38 | 008,417,986 | ---- | M] () -- C:\fzac.mp4 [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () -- C:\IO.SYS [2008/05/13 10:58:54 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS [2008/12/17 11:52:31 | 000,002,495 | ---- | M] () -- C:\nagent_log.txt [2004/08/04 03:38:34 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM [2004/08/04 03:59:44 | 000,251,712 | ---- | M] () -- C:\ntldr [2011/04/07 08:28:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2011/03/23 08:17:45 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011/04/07 13:30:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2010/08/08 10:45:48 | 000,325,264 | ---- | M] () -- C:\xpsp3.rar [1 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/04/07 15:31:24 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009/04/07 14:17:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2009/04/07 15:31:24 | 023,592,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009/04/07 15:31:24 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\drivers\*.sys /90 > [2011/03/25 10:17:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys [2011/03/25 10:17:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys [2011/03/25 10:17:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys [2011/03/17 08:28:07 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\drivers\pssdk42.sys < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ========== [2011/04/07 08:43:15 | 000,037,888 | ---- | M] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?????? ????? ????? ???? ???????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\السلام عليكم ورحمة الله وبركاته.doc [2011/04/07 08:43:14 | 000,037,888 | ---- | C] ()(C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\?????? ????? ????? ???? ???????.doc) -- C:\Documents and Settings\administrateur.SONELGAZSK.000\Mes documents\السلام عليكم ورحمة الله وبركاته.doc ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF < End of report >
- le 7 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

bonjour, J'ai fais passer la mise à jours (difficilement à cause de ma connexion) et voici le rapport: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6294 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 07/04/2011 08:45:15 mbam-log-2011-04-07 (08-45-15).txt Type d'examen: Examen rapide Elément(s) analysé(s): 266539 Temps écoulé: 8 minute(s), 51 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
- le 7 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

pardon mais vous parlez de la version de la BDD virale ou bien celle du programme. Si c'est de la BBD c'est la dernière version que j'ai téléchargé à partir du lien que vous m'avez donné (elle est daté dans le programme 3/17/2011)
- le 6 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

j'ai désinstallé sharéasa. Pouvez-vous me donner les nom des infections car j'ai une autre machine du meme réseau qui n'est pas conncetée à internet qui connait les mêmes symptomes et que je voudrais nettoyer après avoir terminer avec celle-ci. Merci
- le 6 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

bonjour Voici les deux rapport demandés : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 6092 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 06/04/2011 08:28:59 mbam-log-2011-04-06 (08-28-59).txt Type d'examen: Examen rapide Elément(s) analysé(s): 275723 Temps écoulé: 21 minute(s), 13 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 2 Out of date service pack!! Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! AVG 8.5 AVG Anti-Rootkit Free Module d'administration de Kaspersky Anti-Virus 6.0 MP4 Antivirus out of date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner (remove only) Adobe Flash Player Adobe Reader 9 - Français Out of date Adobe Reader installed! Mozilla Firefox (3.6.13) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbam.exe AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe End of Log
- le 6 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

en cliquant sur le triangle signaler j'ai reçu une boite qui demande d'inscrire l'alerte. j'ai mis l'URL de mon poste et j'ai cliquer transférer une fois le transfert terminé la page est retournée sur mon poste. Je dois maintenir la connexion jusqu'à ce que l'analyse commence et je suis cencé être avisé une fois elle est lancée ou quoi?
- le 4 avril 2011
- 26 réponses
pb déconnexion réseau

maha a répondu à un sujet dans Analyses et éradication malwares

Bonjour ticiou; pour l'option signaler même en étant membre je ne le vois pas. que faut-il faire pour désinfecter ma machine?
- le 4 avril 2011
- 26 réponses
ennuyeux DRWATSN

maha a posté un sujet dans Analyses et éradication malwares

Salut je viens vous demander votre aide car ca fait plusieurs mois que j'ai des problèmes avec le fameux dr Watson. Une fenètre s'affiche en me disant drwtsn32.exe a rencontré un problème etc...et me bloque l'application en cours. J'ai lu pas mal de sujets qui parlent de ce problème et apparemment personne n'arrive a s'en débarrasser vraiment. Est ce que l'un d'entre vous sait comment faire pour vraiment régler le problème ? Merci
- le 24 novembre 2010
pb avec favorie réseau

maha a posté un sujet dans Internet & Réseaux

bonjour; J'ai un pb avec favorie réseau.Quand je le lance j'ai le message suivant :"(0x7c92152a adresse mémoire 0x00000002 ne peut être "written"/"read"). D'où vient ce pb?
- le 10 novembre 2010
- 1 réponse
impossible démarer mon PC

maha a posté un sujet dans Hardware

bonjour, Depuis quelques jours je n'arrive pas à démarrer mon PC. Quand j'appuie sur le bouton démarrer j'ai le témoin de l'écran qui clignote orange mais le PC semble fonctionner normalement (le témoin DD allumé ainsi que le clavier) ce n'est qu'après 3 ou 4 tentatives qu'il s'allume. Je pense que c'est un problème de carte graphique. Qu'en pensez vous svp ? Merci
- le 9 novembre 2010
- 1 réponse

Connexion

maha

Compteur de contenus

Inscription

Dernière visite

maha's Achievements

Member (4/12)

Réputation sur la communauté

Problème déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

pb déconnexion réseau

ennuyeux DRWATSN

pb avec favorie réseau

impossible démarer mon PC

Zebulon

Outils en ligne

Naviguer